Updated: Path and Pinterest are probably two of the hottest social services right now, racking up millions of users and generating an ocean of favorable coverage. But both have gotten tripped up by the same thing that has made the social web a minefield for both Facebook and Google: namely, decisions that put their interests ahead of their users and a lack of disclosure about what was going on behind the scenes or under the hood of their services. Will these missteps spell doom for either company? Probably not. But the backlash is a welcome reminder that for social apps, the trust of users is not something to be toyed with.
Path, a mobile photo-sharing app that expanded to become a full-fledged mobile social app when it relaunched a couple of months ago, was co-founded and is run by Dave Morin, an early Facebook staffer. You might think the privacy blowups that the giant social network has experienced over the past couple of years would make Path pretty sensitive to handling user data properly, but that doesn’t seem to be the case: Earlier this week, controversy erupted when it was revealed that Path was uploading all of its users’ contacts to the company’s servers, something many users have taken as a breach of their privacy.
It may not seem like a big deal, but you should still disclose it
In public comments on the blog post that first brought this to light, Morin apologized and said that Path will fix the problem in an upcoming version by requiring users to explicitly opt-in. He also tried to defend the company’s behavior by saying that it is the “industry best practice.” As a commenter on the Hacker News thread about the issue put it, however, a better phrase might be “industry lowest common denominator.”
Update: Path’s CEO later apologized in a blog post for the way the service handled users’ data, and has said that in an attempt to make up for its mistake it has deleted any address data that was stored on its servers.
It is true that other apps and services also do this, including WhatsApp, Beluga, Hipster and others, and the ability to do so has been a part of Apple’s iOS since 2008. Others have also noted in Path’s defense that Apple allows apps to upload contacts without explicitly asking users for permission – something that it doesn’t do for other data such as a user’s location. And it is also true that importing a user’s address book makes it a lot easier to scan for friends who are already on Path and that this can be a benefit for a user in the long run.
That said, however, the anger and shock that Path’s move seems to have triggered among many users — some of whom say they have deleted the app and will never return — makes it pretty clear that even if this behavior has benefits for users, the lack of disclosure about what Path was planning to do is a deal breaker for many.
Pinterest, meanwhile, did something completely different to upset some of its users, but the underlying lesson is the same: The company — which says it has built up a massive user base of more than 10 million in just two months — is a content-sharing service where fans of different products and websites can post (or “pin”) their favorites. Since popular posts can drive a lot of traffic to websites that sell these products, Pinterest has been adding affiliate links that generate revenue for the site when users click on them.
Lesson: Never take your users for granted
As many of the company’s defenders have pointed out, this behavior makes a huge amount of sense for Pinterest, since it is providing a free service and needs to generate revenue somehow. But as with Path’s move — which also makes a lot of sense from a purely utilitarian point of view — Pinterest failed to disclose what it was doing to users or at least failed to make it obvious. Perhaps the company thought (as Path likely did) that users wouldn’t mind. But it turns out that plenty of them do mind.
Path’s decision seems the more surprising of the two, if only because there are so many examples of similar undisclosed or opt-in-by-default moves that have triggered a huge amount of backlash, and not just for Facebook but for Google as well. The search giant’s engineers also clearly thought that merging people’s email contact lists with their new Buzz service was a great idea — after all, it was the most efficient way to populate a user’s follow list. But many users disagreed, and so did the federal government, and the resulting backlash arguably helped kill Google’s first attempt at a real social service.
The lesson here is that for social apps, the trust of users is paramount, and the best way to maintain that trust is to be as open as possible about everything that is occurring, particularly if it involves a user’s personal data. Whatever you are doing with it may not seem like a big deal to you, but better to be open about it than have it revealed by someone else, at which point you look sneaky. As Craigslist founder Craig Newmark has put it, “Trust is the new black,” and it never goes out of style.